Banking Trojans have quickly become a popular tool among online criminals looking to make a quick profit. As the name suggests, these types of malware are solely designed to empty people’s bank accounts and other online payment services. Throughout the years, there have been some prominent types of banking trojans that caused quite a bit of damage along the way.
#4 Zbot a.k.a Zeus
Zbot is one of the most notorious banking Trojans, one that virtually everyone has heard of in recent months. It mainly targets Windows users and aims to retrieve sensitive information from the computer. This information includes login credentials for financial services, including bank accounts. Additionally, the malware has been updated to make seizure of its command-and-control servers more difficult. So far, the banking Trojan has infected close to 4 million devices in the US alone.
Carberp is one of the oldest banking Trojans still making an impact in recent times. The first iterations of this toolkit focused on stealing online banking credentials. What made it so notorious was its rootkit feature, which allowed this Trojan to remain undetected on a computer system for extended periods of time. As one would expect from this type of malware, it saw further alterations as time progressed.
Later versions of Carberp included a tool that would remove anti-malware software from computers. A year or two ago the toolkit gained a new trick, as it could encrypt stolen data before sending it to the command-and-control server. Thankfully, Russian authorities made several arrests, bringing Carberp distribution to a halt. The source code for this banking Trojan was made public late last year, and it is still being used in new versions of malware today.
Don’t mistake this banking Trojan’s name for a new James Bond movie title, as SpyEye is a very nasty type of banking Trojan. Even though this malware did not stick around for long, it certainly made an impact people will never forget. The Trojan became so popular that parts of it were merged with the Zeus Trojan to create a mega-banking botnet.
SpyEye was used in an attack against Verizon’s online billing page, and even made an appearance on Amazon’s Simple Storage Service. Moreover, it also infected a few Android devices along the way. Three people were arrested in 2012 for their involvement in deploying SpyEye, which effectively heralded the end of this popular Trojan.
As innocent as the name may sound, Citadel was one of the most prolific forms of financial malware at its peak. Its codebase shared similarities with Zeus, but the developer came up with an intriguing twist. He invited everyone in the open-source development world to review the code and improve upon it. In a way, this created a global joint collaboration to create the most powerful banking Trojan.
Citadel came with AES encryption, which was used for its configuration files and for communication with the command-and-control server. It also evaded tracking sites, blocked the addresses of security sites on infected machines, and recorded videos of whatever the device owner was doing at any given time. Nearly 90% of all infections were disabled thanks to a collaboration between Microsoft and other companies. Unfortunately, the Trojan was successful in obtaining an undisclosed amount of financial credentials throughout the years.